ahhitsrain
Everything posted by ahhitsrain
-
Thank you very much for being very patient and informative even though the system was clean. Thanks very much, MrCharlie.
-
I would like to thank you very much for being very patient and informative even though the system was clean. Thanks very much, MrCharlie.
-
Does that mean Kaspersky and Malwarebytes are in conflict with each other? Or is it nothing to worry about?
-
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
Java 6 Update 31
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Kaspersky Lab Kaspersky Internet Security 2012 avp.exe
Kaspersky Lab Kaspersky Internet Security 2012 x64 klwtblfs.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 35% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
-
The scan has come out clean, so it seems.

# AdwCleaner v2.105 - Logfile created 01/10/2013 at 00:08:20
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Haro - HARO-PC
# Boot Mode : Normal
# Running from : C:\Users\Haro\Desktop\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Haro\AppData\Roaming\Mozilla\Firefox\Profiles\05bek29r.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Haro\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [805 octets] - [10/01/2013 00:08:20]

########## EOF - C:\AdwCleaner[R1].txt - [864 octets] ##########
-
Oh, sorry, ComboFix.txt
-
ComboFix 13-01-08.01 - Haro 09/01/2013 23:48:37.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.8169.6452 [GMT 8:00]
Running from: c:\users\Haro\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\DynuEncrypt.dll
c:\users\Haro\AppData\Local\Temp\6bfc9bc0-9abb-43d6-a2d8-63788b3d3ecb\CliSecureRT64.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 )))))))))))))))))))))))))))))))
.
.
2013-01-09 15:51 . 2013-01-09 15:51    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-01-09 13:15 . 2013-01-09 13:15    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-01-08 08:24 . 2012-08-21 05:01    33240    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-08 08:24 . 2013-01-08 08:24    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-08 08:24 . 2013-01-08 08:24    --------    d-----w-    c:\program files\iTunes
2013-01-08 08:24 . 2013-01-08 08:24    --------    d-----w-    c:\program files (x86)\iTunes
2013-01-08 08:24 . 2013-01-08 08:24    --------    d-----w-    c:\program files\iPod
2013-01-05 13:58 . 2013-01-05 13:58    --------    d-----w-    c:\windows\PCHEALTH
2013-01-05 13:56 . 2013-01-05 13:56    --------    d-----w-    c:\program files\Microsoft Office
2013-01-05 13:56 . 2013-01-05 13:56    --------    d-----w-    c:\program files (x86)\Microsoft Analysis Services
2013-01-05 13:55 . 2013-01-05 13:55    --------    d-----r-    C:\MSOCache
2013-01-03 03:48 . 2013-01-09 15:51    --------    d-----w-    c:\users\Haro\AppData\Local\PMB Files
2013-01-03 03:48 . 2013-01-08 10:55    --------    d-----w-    c:\programdata\PMB Files
2012-12-25 04:46 . 2012-12-25 04:46    --------    d-----w-    c:\program files (x86)\Microsoft XNA
2012-12-23 14:54 . 2012-12-23 14:54    --------    d-----w-    c:\users\Haro\.swt
2012-12-20 04:24 . 2012-12-20 04:24    --------    d-----w-    c:\program files (x86)\NVIDIA Corporation
2012-12-17 23:48 . 2012-12-17 23:48    --------    d-----w-    c:\programdata\ATI
2012-12-17 23:48 . 2012-12-17 23:48    --------    d-----w-    c:\program files (x86)\AMD APP
2012-12-17 06:44 . 2012-12-17 06:44    --------    d-----w-    c:\users\Haro\AppData\Local\Macromedia
2012-12-17 06:42 . 2012-12-17 06:42    --------    d-----w-    c:\users\Haro\AppData\Local\Mozilla
2012-12-17 06:42 . 2012-12-17 06:42    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2012-12-12 03:29 . 2012-12-12 03:29    --------    d-----w-    c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 08:42 . 2012-04-22 08:02    74248    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 08:42 . 2012-04-22 08:02    697864    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-14 08:49 . 2012-10-21 03:28    24176    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-10-30 16:05 . 2012-10-30 16:05    821736    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2012-10-30 16:05 . 2012-04-18 11:30    746984    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2012-10-30 14:03 . 2012-04-18 02:57    637272    ----a-w-    c:\windows\system32\drivers\klif.sys
2012-10-29 13:04 . 2012-08-08 04:24    66395536    ----a-w-    c:\windows\system32\MRT.exe
2012-10-18 18:25 . 2012-11-17 01:12    3149824    ----a-w-    c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"c:\program files (x86)\NetMeter\NetMeter.exe"="c:\program files (x86)\NetMeter\NetMeter.exe" [2009-08-09 293888]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2012-07-04 235520]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-03 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-30 206448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Haro\Desktop\mbar-1.01.0.1011 (1)\mbar\mbar.exe" [2013-01-09 1342312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2012-10-31 522752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 ALSysIO;ALSysIO;c:\users\Haro\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
R3 AthDfu;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Gun;Gun;f:\softnyxgame\GunBoundIS\Gun64.sys [2012-08-13 45176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-06-18 97792]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-17 1255736]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R3 X6va005;X6va005;c:\users\Haro\AppData\Local\Temp\0052D96.tmp [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [2012-05-22 112128]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-09 539240]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [2012-05-21 34944]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 08:42]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3208197391-1747794391-1927213251-1000Core.job
- c:\users\Haro\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-17 14:11]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3208197391-1747794391-1927213251-1000UA.job
- c:\users\Haro\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-17 14:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2779024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Haro\AppData\Roaming\Mozilla\Firefox\Profiles\05bek29r.default\
FF - ExtSQL: 2012-12-17 14:43; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Haro\AppData\Roaming\Mozilla\Firefox\Profiles\05bek29r.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-65586372.sys
AddRemove-PunkBusterSvc - f:\origin\Battlefield 3\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Haro\AppData\Local\Temp\0052D96.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3208197391-1747794391-1927213251-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i* *±,\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3208197391-1747794391-1927213251-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3208197391-1747794391-1927213251-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-09 23:53:11
ComboFix-quarantined-files.txt 2013-01-09 15:53
.
Pre-Run: 34,752,499,712 bytes free
Post-Run: 34,474,479,616 bytes free
.
- - End Of File - - BE390DE3345B5DE8B0A11087831EE48E
-
Attached are the logs you asked for: mbar-log-2013-01-09 (23-18-31).txt and system-log.txt
-
Hello MrCharlie, thanks for helping me. Here is the log for RK:

RogueKiller V8.4.3 [Jan 8 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Haro [Admin rights]
Mode : Scan -- Date : 01/09/2013 23:07:22

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SSD 830 Series ATA Device +++++
--- User ---
[MBR] 03d2e079e209e5f460fdfd8140bf07ec
[bSP] d914afe430ba5015513313572218e2f4 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1001FALS-00J7B0 ATA Device +++++
--- User ---
[MBR] 0b901b21f15bb2d6b2e06344c42a9b0f
[bSP] 986d4a0fa06cd0867514ad9abe05d92d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: INTEL SSDSC2CW120A ATA Device +++++
--- User ---
[MBR] cead2f00ee2ebdb5a4f83e35472248fa
[bSP] 776e62644e39c187bff85d3ca08aab0e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 87fe8528c24e0b40c6da30c325a4dd08
[bSP] aa7694d1b9f0f78e254992e4e1866f04 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01092013_02d2307.txt >>
RKreport[1]_S_01092013_02d2307.txt
-
Hello, there was an unusual balloon notification coming from Malwarebytes that said: BLOCK 80.82.70.245 (Type: outgoing, Port: 54105, Process: svchost.exe). Am I infected with something, or is this normal? Here are the relevant logs; many thanks for your assistance.

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.09.05

Windows XP Service Pack 3 x64 NTFS
Internet Explorer 9.0.8112.16421
Haro :: HARO-PC [administrator]

Protection: Enabled

9/01/2013 10:02:41 PM
mbam-log-2013-01-09 (22-02-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 284643
Time elapsed: 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_31
Run by Haro at 21:56:59 on 2013-01-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.8169.2861 [GMT 8:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Bluetooth Suite\adminservice.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\NetMeter\NetMeter.exe C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe C:\Program Files (x86)\Skype\Phone\Skype.exe 
C:\Program Files (x86)\LOLReplay\LOLRecorder.exe C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Winamp\winamp.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe 
C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\NOTEPAD.EXE C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Haro\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll uRun: [Google Update] "C:\Users\Haro\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [C:\Program Files (x86)\NetMeter\NetMeter.exe] C:\Program Files (x86)\NetMeter\NetMeter.exe uRun: [steelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" mRun: [NUSB3MON] 
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:12 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - 
{CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab TCP: NameServer = 192.168.178.1 TCP: Interfaces\{3303F4EE-6C92-416C-B094-821818E3B852} : DHCPNameServer = 192.168.178.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
2012\x64\ievkbd.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: klogon - C:\Windows\System32\klogon.dll x64-SSODL: WebCheck - <orphaned> Hosts: 127.0.0.1 www.spywareinfo.com . 
================= FIREFOX =================== . FF - ProfilePath - C:\Users\Haro\AppData\Roaming\Mozilla\Firefox\Profiles\05bek29r.default\ FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\Users\Haro\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Windows\System32\npDeployJava1.dll FF - plugin: C:\Windows\System32\npmproxy.dll FF - plugin: C:\Windows\System32\npOGPPlugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - plugin: C:\Windows\SysWOW64\npOGPPlugin.dll FF - ExtSQL: 2012-12-17 14:43; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Haro\AppData\Roaming\Mozilla\Firefox\Profiles\05bek29r.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi . ============= SERVICES / DRIVERS =============== . 
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-8-28 297000] R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-3-4 11864] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-28 239616] R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896] R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 206448] R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464] R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-7-4 21992] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-21 398184] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-21 682344] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-10-27 301680] R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-10-27 203624] R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-10-27 156520] R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-10-27 279152] R3 busenum;SteelBusSvc;C:\Windows\System32\drivers\SteelBus64.sys [2012-5-23 112128] R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-21 24176] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-30 80384] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller 
Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-30 180736] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240] R3 SAlphamHid;SteelHIDSvc;C:\Windows\System32\drivers\SAlpham64.sys [2012-5-21 34944] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-10-27 38248] S3 AthDfu;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2010-10-27 55336] S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-10-27 58992] S3 Gun;Gun;F:\SoftnyxGame\GunboundIS\Gun64.sys [2012-8-13 45176] S3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2012-6-18 97792] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-4-18 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-18 1255736] S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088] S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944] . =============== Created Last 30 ================ . 
2013-01-09 13:15:43 -------- d-----w- C:\TDSSKiller_Quarantine 2013-01-09 05:49:43 -------- d-----w- C:\Users\Haro\AppData\Local\{36F40DE1-D475-4CEB-B96F-B2A7E2C477AF} 2013-01-08 17:49:20 -------- d-----w- C:\Users\Haro\AppData\Local\{1F3CBD54-C7C4-49CD-B52B-E2DEC3F5E0C4} 2013-01-08 08:24:52 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys 2013-01-08 08:24:47 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-01-08 08:24:47 -------- d-----w- C:\Program Files\iTunes 2013-01-08 08:24:47 -------- d-----w- C:\Program Files\iPod 2013-01-08 08:24:47 -------- d-----w- C:\Program Files (x86)\iTunes 2013-01-08 05:11:48 -------- d-----w- C:\Users\Haro\AppData\Local\{80382736-3917-4333-9180-62FACB85D1DA} 2013-01-07 17:11:25 -------- d-----w- C:\Users\Haro\AppData\Local\{864539B2-EA31-41E2-B1C2-65485417B1B8} 2013-01-07 04:37:06 -------- d-----w- C:\Users\Haro\AppData\Local\{6F23DED4-91AE-4E0C-A857-218576CCA19B} 2013-01-06 16:36:41 -------- d-----w- C:\Users\Haro\AppData\Local\{E961DFAF-7B09-4127-92CF-E0FFAD11A5B5} 2013-01-06 04:36:19 -------- d-----w- C:\Users\Haro\AppData\Local\{B574EF6A-42C9-4FF6-B553-A71F8AC30B6E} 2013-01-05 14:58:03 -------- d-----w- C:\Users\Haro\AppData\Local\{87F0A5D0-0235-48BB-9693-7F36E7088B9E} 2013-01-05 13:58:25 -------- d-----w- C:\Windows\PCHEALTH 2013-01-05 13:56:09 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services 2013-01-05 02:57:52 -------- d-----w- C:\Users\Haro\AppData\Local\{917BD89B-A418-4FB1-B5D2-B4C3FAA891DC} 2013-01-04 02:40:08 -------- d-----w- C:\Users\Haro\AppData\Local\{27B77A80-63E2-4A24-98A3-6F066CEF4680} 2013-01-03 03:48:26 -------- d-----w- C:\Users\Haro\AppData\Local\PMB Files 2013-01-03 03:48:25 -------- d-----w- C:\ProgramData\PMB Files 2013-01-03 02:24:24 -------- d-----w- C:\Users\Haro\AppData\Local\{B7290A15-9BC1-4A57-9769-F2D194417716} 2013-01-02 10:35:13 -------- d-----w- C:\Users\Haro\AppData\Local\{665E2D6C-1D1F-4D51-BBD5-26029F44277A} 2013-01-01 22:35:00 -------- 
d-----w- C:\Users\Haro\AppData\Local\{C71098B9-13BB-4688-879F-ECD4546471A1} 2013-01-01 02:55:25 -------- d-----w- C:\Users\Haro\AppData\Local\{DEC77550-8C03-45AD-9F10-CE84868A7911} 2012-12-31 07:56:31 -------- d-----w- C:\Users\Haro\AppData\Local\{36B1A09B-F55F-401C-B497-7B435E9ED09A} 2012-12-30 19:56:04 -------- d-----w- C:\Users\Haro\AppData\Local\{F7C6FFED-3224-4AC4-BC6E-9309D5159BA5} 2012-12-30 03:28:08 -------- d-----w- C:\Users\Haro\AppData\Local\{4AB4DBF2-C2DF-4291-8891-DB0E71B27999} 2012-12-29 15:27:22 -------- d-----w- C:\Users\Haro\AppData\Local\{45F0248A-ACCD-42E1-A7BA-D67AEFF24031} 2012-12-29 03:27:00 -------- d-----w- C:\Users\Haro\AppData\Local\{9889C343-98E4-4D34-9AE5-679F7490EF6A} 2012-12-28 15:26:37 -------- d-----w- C:\Users\Haro\AppData\Local\{8BA434AD-83D8-4CFB-9DA6-4B5FB54D7FF1} 2012-12-28 00:57:54 -------- d-----w- C:\Users\Haro\AppData\Local\{5FDC3914-406A-4DF1-ADD7-232C6B4CEF1E} 2012-12-27 06:11:44 -------- d-----w- C:\Users\Haro\AppData\Local\{4DB9EB7E-D89A-4734-B316-075C6C88D87D} 2012-12-26 14:11:56 -------- d-----w- C:\Users\Haro\AppData\Local\{066CC873-8B87-4787-8F0F-BEA5724A5897} 2012-12-26 01:45:58 -------- d-----w- C:\Users\Haro\AppData\Local\{E9BAC422-C40D-4466-8DA1-4EE60F6EACDA} 2012-12-25 04:46:26 -------- d-----w- C:\Windows\SysWow64\directx 2012-12-25 04:46:10 -------- d-----w- C:\Program Files (x86)\Microsoft XNA 2012-12-25 02:56:05 -------- d-----w- C:\Users\Haro\AppData\Local\{84289E84-D1B5-4A5A-9C1D-0132C7184292} 2012-12-24 14:55:42 -------- d-----w- C:\Users\Haro\AppData\Local\{C3A81E06-87F0-4D83-9F88-20FC9F300BB4} 2012-12-24 02:34:12 -------- d-----w- C:\Users\Haro\AppData\Local\{EA2649E4-AA7E-4DB0-8F05-AAF1EDE478BD} 2012-12-23 14:54:06 -------- d-----w- C:\Users\Haro\.swt 2012-12-23 14:33:37 -------- d-----w- C:\Users\Haro\AppData\Local\{8DE4655F-5E5F-4709-9D6B-C101059F09FC} 2012-12-23 02:33:25 -------- d-----w- C:\Users\Haro\AppData\Local\{40F9B5A0-9883-4144-B7FD-0DF61F3B5BA9} 2012-12-22 03:11:51 -------- d-----w- 
C:\Users\Haro\AppData\Local\{819EAD95-1AFC-4931-86D8-71611D5CB46C} 2012-12-21 15:11:27 -------- d-----w- C:\Users\Haro\AppData\Local\{3F6E520C-41ED-4A61-9EA5-723FDDBEDC92} 2012-12-21 02:34:12 -------- d-----w- C:\Users\Haro\AppData\Local\{5E7EE51E-FB0C-4B65-BB23-1DF729F129F6} 2012-12-20 14:33:38 -------- d-----w- C:\Users\Haro\AppData\Local\{A6F9935E-96DF-4EB9-A669-4AC14319B8BC} 2012-12-20 04:24:32 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation 2012-12-20 02:33:28 -------- d-----w- C:\Users\Haro\AppData\Local\{8C44A21D-7400-4514-9CC4-CCA0F3F147EF} 2012-12-19 13:35:40 -------- d-----w- C:\Users\Haro\AppData\Local\{CB9BAF72-9D7E-481C-97A9-C8BD68EA57CF} 2012-12-19 01:35:29 -------- d-----w- C:\Users\Haro\AppData\Local\{FBEB5042-7D54-4810-8A95-9DD79AF8B9DA} 2012-12-18 12:49:42 -------- d-----w- C:\Users\Haro\AppData\Local\{0D375A03-BE79-4402-8321-F91222ABD718} 2012-12-18 00:49:20 -------- d-----w- C:\Users\Haro\AppData\Local\{AD1ECA6C-5582-491D-91C2-5362B3B53F79} 2012-12-17 23:48:36 -------- d-----w- C:\Program Files (x86)\AMD APP 2012-12-17 12:48:46 -------- d-----w- C:\Users\Haro\AppData\Local\{16957AD8-AD9C-4A6F-B87B-DF2B842FE0A8} 2012-12-17 06:44:16 -------- d-----w- C:\Users\Haro\AppData\Local\Macromedia 2012-12-17 00:48:24 -------- d-----w- C:\Users\Haro\AppData\Local\{6553AB3E-3FA7-4CA9-A607-A8BB09448364} 2012-12-16 15:32:50 -------- d-----w- C:\Users\Haro\AppData\Local\{794FF2A6-024A-4755-9517-AA2D3F40D2FD} 2012-12-16 03:32:28 -------- d-----w- C:\Users\Haro\AppData\Local\{E57D5483-126A-415E-A12A-CB80AE5C079C} 2012-12-15 15:31:52 -------- d-----w- C:\Users\Haro\AppData\Local\{03496FF9-F290-4894-84A6-039B09EBE56E} 2012-12-15 03:31:18 -------- d-----w- C:\Users\Haro\AppData\Local\{6F9991DF-6B19-47A0-B3E4-B7ED69E5D828} 2012-12-14 15:30:55 -------- d-----w- C:\Users\Haro\AppData\Local\{E1757AC7-F648-461A-B79A-AB800D7012B5} 2012-12-14 01:32:52 -------- d-----w- C:\Users\Haro\AppData\Local\{B4DBF27B-1DC4-42A5-835D-A7CDFF13AF38} 2012-12-13 02:00:10 
-------- d-----w- C:\Users\Haro\AppData\Local\{266A18CB-3A91-4374-97A9-664099D430E6} 2012-12-12 03:33:31 -------- d-----w- C:\Users\Haro\AppData\Local\{1EF23F0A-C507-4B74-95FD-83E444721C4C} 2012-12-11 15:32:58 -------- d-----w- C:\Users\Haro\AppData\Local\{938AF9B9-33D3-429D-9B55-79AE84EA6461} 2012-12-11 03:10:05 -------- d-----w- C:\Users\Haro\AppData\Local\{7A12A63F-84D0-4C85-A9BE-38C820798AC9} 2012-12-10 15:09:31 -------- d-----w- C:\Users\Haro\AppData\Local\{F9A34C13-7049-4D8C-940A-1FB394F340FC} . ==================== Find3M ==================== . 2013-01-09 08:42:25 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-09 08:42:25 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-12-14 08:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-10-30 16:05:18 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-10-30 16:05:18 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys . ============= FINISH: 21:57:11.60 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 17/04/2012 9:53:27 PM System Uptime: 9/01/2013 9:18:16 PM (0 hours ago) . Motherboard: ASUSTeK COMPUTER INC. | | P8P67 Processor: Intel® Core i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 112 GiB total, 26.509 GiB free. D: is CDROM () E: is FIXED (NTFS) - 1863 GiB total, 1359.184 GiB free. F: is FIXED (NTFS) - 932 GiB total, 322.413 GiB free. R: is FIXED (NTFS) - 119 GiB total, 30.672 GiB free. . ==== Disabled Device Manager Items ============= . 
Class GUID: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5} Description: Virtual Bluetooth Support Device ID: BTHENUM\{CBECAB40-A2C8-4AB3-ADC1-DE0FE95D8600}_LOCALMFG&0000\8&2E9958BA&0&000000000000_00000000 Manufacturer: Atheros Communications Name: Virtual Bluetooth Support PNP Device ID: BTHENUM\{CBECAB40-A2C8-4AB3-ADC1-DE0FE95D8600}_LOCALMFG&0000\8&2E9958BA&0&000000000000_00000000 Service: AthBTPort . Class GUID: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5} Description: Bluetooth LWFLT Device Device ID: BTHENUM\{DD533152-01F4-435C-ABFE-984BC21A2A65}_LOCALMFG&0000\8&2E9958BA&0&000000000000_00000000 Manufacturer: Atheros Communications Name: Bluetooth LWFLT Device PNP Device ID: BTHENUM\{DD533152-01F4-435C-ABFE-984BC21A2A65}_LOCALMFG&0000\8&2E9958BA&0&000000000000_00000000 Service: BTATH_LWFLT . ==== System Restore Points =================== . RP94: 5/01/2013 9:55:44 PM - Installed Microsoft Office Professional 2010 RP95: 8/01/2013 4:24:24 PM - Installed iTunes . ==== Installed Programs ====================== . 
Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Media Foundation Decoders Apple Application Support Apple Mobile Device Support Apple Software Update AVM FRITZ!Box Info AVM FRITZ!Box Printer Bastion Battlelog Web Plugins Bluetooth Win7 Suite (64) Bonjour Browser Configuration Utility Canon IJ Network Scanner Selector EX Canon IJ Network Tool Canon MG4100 series MP Drivers Canon MP Navigator EX 5.0 Canon My Printer Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Counter-Strike: Global Offensive CPUID HWMonitor 1.19 D3DX10 Definition update for Microsoft Office 2010 (KB982726) Diablo III Dota 2 DragonNest EPSON TX120 NX120 Series Printer Uninstall ESN Sonar Far Cry® 3 Fraps (remove only) GOM Player GOMTV Streamer Google Chrome Guild Wars 2 GunboundIS Hi-Rez Studios Authenticate and Update Service HiJackThis Intel® Management Engine Components iTunes Java Auto Updater Java 6 Update 31 Junk Mail filter update Kaspersky Internet Security 2012 League of Legends Left 4 Dead 2 LOLReplay Malwarebytes Anti-Malware version 1.70.0.1100 MapleStory marvell 91xx console driver Mass Effect™ 3 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) Microsoft Office 2010 
Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft XML Parser Microsoft XNA Framework Redistributable 3.1 Mozilla Firefox 17.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mumble 1.2.3 Need for Speed™ Most Wanted Nero 8 Essentials neroxml NetMeter 1.1.4 BETA Nexon Game Manager NVIDIA PhysX Origin Pando Media Booster PlanetSide 2 PunkBuster Services Razer Synapse 2.0 Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Renesas Electronics USB 3.0 Host Controller Driver Security Update for Microsoft .NET Framework 4 Client Profile 
(KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Skype™ 6.0 Spybot - Search & Destroy StarCraft II Steam SteelSeries Engine Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) VCRedistSetup VLC media player 2.0.4 Winamp Winamp Application Detect Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Worms Reloaded
.
==== Event Viewer Messages From Past Week ========
.
9/01/2013 9:19:23 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/01/2013 9:19:20 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
9/01/2013 9:19:20 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
9/01/2013 9:19:20 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
8/01/2013 4:25:23 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
8/01/2013 4:24:23 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/01/2013 6:33:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
.
==== End Of File ===========================
